I have a problem with Facebook authentication logic:
On home page load, I call getLoginStatus() and if I get "connected", I redirect the user to his account page. If not, the user can click the login button that calls FB.login().
If the user is logged in and then navigates back to home page (full page load), getLoginStatus() there returns "connected" as expected and user gets bounced back to account page.
However, when the logged in user calls FB.logout() and repeats steps 1-2, the 2nd step will always yield "unknown" login status. So, FB.logout() basically breaks my bouncing logic.
I checked the mechanics of login/logout calls and it appears FB.logout() creates a fblo_<appId> cookie with 1 year expiration that blocks getLoginStatus() from returning the proper status. This seems to be the actual mechanism for keeping people logged out, which I can understand. What I can't understand, though, is: why this cookie is not deleted on a successful FB.login() call?
I fixed it myself by programatically deleting the cookie fblo_<appid> in callback functions of both FB.login() and FB.logout()
I was experiencing this a few days ago but I'm not seeing the issue any more.
In either case make sure you consider these different scenarios when testing:
A person logs into Facebook, then logs into your app. Upon logging out from your app, the person is still logged into Facebook.
A person logs into your app and into Facebook as part of your app's login flow. Upon logging out from your app, the user is also logged out of Facebook.
A person logs into another app and into Facebook as part of the other app's login flow, then logs into your app. Upon logging out from either app, the user is logged out of Facebook.
https://developers.facebook.com/docs/reference/javascript/FB.logout/
Debugging tip:
In the Application tab in Chrome you can select Cookies in the left panel and then type fblo into the search box to filter by that name. When I call FB.login and successfully authenticate I see that the fblo cookie disappears - so I believe this issue fixed.
Related
i want to make login system, and check if user is multiple login and give notification " account already login in other device" in current user login. how to make system like that? I've searched for it on google but couldn't find the right one
check if user is multiple login and give notification " account already login in other device" in current user login
Problem:
You can't really tell when the user is still logged in because the stateless server.
Lets say I log in inside an incognito window. When I close the session cookie is deleted.
But on the server it's still exists. How do you tell I'm actually logged in or not?
Solution:
You can make a heartbeat request to the server and log the activity.
So you have a JS code sending request in every minute so you know the user is online. Also in every request you set the cookie as well.
So you log the last activity time in every minute and every request.
When the user tries to log in you check if the logged activity is older than two minutes.
How can I refresh a long lived facebook access token in the background? From the facebook documentation
Even the long-lived access token will eventually expire. At any point,
you can generate a new long-lived token by sending the person back to
the login flow used by your web app - note that the person will not
actually need to login again, they have already authorized your app,
so they will immediately redirect back to your app from the login flow
with a refreshed token - how this appears to the person will vary
based on the type of login flow that you are using, for example if you
are using the JavaScript SDK, this will take place in the background,
if you are using a server-side flow, the browser will quickly redirect
to the Login Dialog and then automatically and immediately back to
your app again.
What I'm trying to reconcile is that in order to get a new access token you need to have the user login. In order to login, you must call FB.login(). According to the documentation, a user should click a button in order to login.
As noted in the reference docs for this function, it results in a
pop-up window showing the Login dialog, and therefore should only be
invoked as a result of someone clicking an HTML button (so that the
pop-up isn't blocked by browsers).
How can you refresh a long lived access token in the background with the facebook javascript SDK?
You can only refresh a User Token if the user visits your website: Use FB.getLoginStatus for that. You do not need to use FB.login - it would only work on user interaction (click event) anyway, because browsers usually block the popup if you try to call it automatically.
In scenario 1 the user is not logged into our app and is not logged into google in their browser. This shows them a pop up and tells them to log in to google and then tells them to authorize our app.
However, in my scenario, the user is already logged in and already has authorized my app. I log them in automatically but the problem is that the popup keeps appearing each time.
Is there a way to call the signin of google api without having the popup show?
Thanks in advance.
Since you marked this question as Javascript, I guess you must be using the oauth 2.0 through Google APIs Client Library for JavaScript.
https://developers.google.com/api-client-library/javascript/
In this page, https://developers.google.com/api-client-library/javascript/features/authentication.
Checkout the Auth example section, when you make the call gapi.auth.authorize(params, callback), set the param immediate to be true, so that the token is refreshed behind the scenes and no UI is shown to the user.
Checkout this page to see more details about the method gapi.auth.authorize(params, callback).
https://developers.google.com/api-client-library/javascript/reference/referencedocs#gapiauthauthorize
I've been banging my head against a wall with this one for way too long now.
I have a page outside facebook, with a like-button. Because it should be on a public computer, we also need a visible logout-button. When "like" is clicked, the user is prompted for login credentials. If those are ok, the like-event goes through ok. The user then should be able to log out. Which doesn't work.
The like button is now an -element. When clicked, it creates an edge.create-event that I can catch nicely.
For Logout button, i've tried 2 options.
First one:
<fb:login-button autologoutlink="true"></fb:login-button>
problem with this is, the link stays as "login" even after the user has logged in through the like-link, even after page refresh.
and a plain button, that triggers
FB.logout(function(response) {
cout(response);
});
This returns an error "FB.logout() called without a session." this seems to be because the user hasn't authorized the application. So the application has no rights. Both logout-options work fine IF the user has authorized the application. Problem is, this is only asked when the "login"-button is clicked. In this use case it wouldn't make sense for the user to first login and then click like.
Any ideas how to get the logout to work without getting the app authorization from the user?
Or how to make "like"-button in a way that it will ask for the app authorization?
I don't think it is possible.
You can check if somebody is currently logged in to facebook but not your up, that's about the most you can do. If a user is not authorized your app then you can't do anything with their login session (or data).
I don't think you should worry about public computers though, it is facebook's problem after all, not yours. If a user checks "remember me" on a public computer during login then they most likely won't click your logout button either.
I have created simple javascript widget where login happens using Facebook Single Sign On. It logins the person whenever he is logged in to facebook (after authorization for the first time). However, it also logs out the user when Facebook logout happens. I want the person to not get logged out when the person logs out of Facebook?
Suggest me what is the way around.
It is not possible to keep a facebook connection going once they are logged out. The way around would be to create your own user tracking.
Once a user is logged in through facebook - store their information in a session (cookie, table) and then rely only on that to check if this user is still logged in (you will need to implement your own logout too). This will work only if you use facebook as a login provider, if you need some interactions with facebook api that require login - they have to be logged in to facebook.